W 301: Using the Github API with Postman (10 pts extra)

What You Need

Purpose

To practice using Postman with a popular API, and to understand the security issues and API secrets.

Create a Target Server

Create a new Debian 9 server on the Google Cloud, with the default settings, including a 10 GB disk.

Installing Salt

In an SSH session on your target server, execute these commands:

In a Web browser, go to

https://github.com

At the top right, click "Sign Up".

Create an account. Verify your email address.

Create a new private repository, as shown below.

Creating a Token

In Github, at the top right, next to the icon representing you, click the down-arrow. Click Settings, as shown below.

On the left side, click "Developer settings".

On the left side, click "Personal access tokens".

On the right side, click the "Generate new token" button.

In the "New personal access token" page, enter a Note of postman and check the repo box, as shown below.

Scroll to the bottom and click the green "Generate token" button.

Your token appears, as shown below.

Copy it and paste it into a text editor so you don't lose it.

Installing Postman

If you don't have Postman installed, get it here:

https://www.getpostman.com/downloads/

Sending a GET Request

In Postman, set the method to GET.

Set the URL to this, replacing "samtest1" with your Github ID:

https://api.github.com/users/samtest1

On the Authorization tab, select a TYPE of "No Auth".

On the Headers tab, clear the check box next to any extra headers you may have left over from a previous project, such as the Authorization and Content-Type headers in the image below.

Click the blue Send button.

In the lower portion of the window, public information about your Github account appears, as shown below.

Finding Public Repositories for octokit

In Postman, submit a GET request for:

https://api.github.com/orgs/octokit/repos

Public repositories are found, as shown below.

Finding your Public Repositories

In Postman, submit a GET request for this URL, replacing "samtest1" with your Github username:

https://api.github.com/orgs/samtest1/repos

No public repositories are found, as shown below.

Adding an Authentication Token

In Postman, under the "GET" verb, click the Authorization header.

Select a TYPE of "Bearer Token".

In the Token field, paste in your token, as shown below.

Creating a New Repository

The documentation for creating a new repository is here.

In Postman, prepare a POST request for this URL, replacing "samtest1" with your Github username:

https://api.github.com/user/repos

In the top portion of Postman, click the Body tab. Click the raw button. Paste in this code, as shown below.


{
  "name": "test",
  "description": "Created from the API",
  "homepage": "https://github.com",
  "private": false,
  "has_issues": true,
  "has_projects": true,
  "has_wiki": true
}

Click the blue Send button.

In the lower portion of the window, information about the new repository appears, as shown below.
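
The same POST request built in Python, as an added example that is not part of the original lab. It reads the token from an environment variable (the name GITHUB_TOKEN is an assumption) instead of a saved text file, and masks the token before anything is printed.

```python
import json
import os
import urllib.request

API = "https://api.github.com"

def build_create_repo_request(token, name="test"):
    """Build, without sending, the lab's POST /user/repos request."""
    body = {
        "name": name,
        "description": "Created from the API",
        "homepage": "https://github.com",
        "private": False,
        "has_issues": True,
        "has_projects": True,
        "has_wiki": True,
    }
    return urllib.request.Request(
        f"{API}/user/repos",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            # Equivalent of Postman's "Bearer Token" authorization type.
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )

def redacted_headers(req):
    """Return the request headers with the token masked, safe to log."""
    safe = {}
    for key, value in req.header_items():
        if key.lower() == "authorization":
            value = value.split(" ", 1)[0] + " <redacted>"
        safe[key] = value
    return safe

def send(req):
    """Send the request; return (HTTP status, decoded JSON body)."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, json.load(resp)

if __name__ == "__main__":
    token = os.environ.get("GITHUB_TOKEN")  # assumed variable name
    if not token:
        raise SystemExit("Set GITHUB_TOKEN to your personal access token")
    req = build_create_repo_request(token)
    print(req.get_method(), req.full_url, redacted_headers(req))
    print(send(req))
```
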

Flag W 301.1: Status (10 pts)

The flag is the status code, covered by a green rectangle in the image above.


Posted 2-24-2020